perl-devel October 2017

perl-devel@lists.fedoraproject.org

3 participants
324 discussions

[Bug 1150091] New: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
by Red Hat Bugzilla 30 Mar '18

30 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1150091 Bug ID: 1150091 Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr, itamar(a)ispbrasil.com.br, mcepl(a)redhat.com, perl-devel(a)lists.fedoraproject.org Upstream has issued an advisory today (October 6): http://www.bugzilla.org/security/4.0.14/ Class: Unauthorized Account Creation Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812 CVE Number: CVE-2014-1572 Class: Cross-Site Scripting Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578 CVE Number: CVE-2014-1573 Class: Information Leak Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140 CVE Number: CVE-2014-1571 Class: Social Engineering Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: Search results can be exported as a CSV file which can then be imported into external spreadsheet programs. Specially formatted field values can be interpreted as formulas which can be executed and used to attack a user's computer. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0XmWcvadmK&a=cc_unsubscribe

2 10

[Bug 1493804] New: perl-Module-CoreList-5.20170920 is available
by bugzilla＠redhat.com 21 Mar '18

21 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1493804 Bug ID: 1493804 Summary: perl-Module-CoreList-5.20170920 is available Product: Fedora Version: rawhide Component: perl-Module-CoreList Keywords: FutureFeature, Triaged Assignee: ppisar(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com, tcallawa(a)redhat.com Latest upstream release: 5.20170920 Current version/release in rawhide: 5.20170821-1.fc28 URL: http://search.cpan.org/dist/Module-CoreList/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/3080/ -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1494826] New: perl-Module-CoreList-5.20170923 is available
by bugzilla＠redhat.com 21 Mar '18

21 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1494826 Bug ID: 1494826 Summary: perl-Module-CoreList-5.20170923 is available Product: Fedora Version: rawhide Component: perl-Module-CoreList Keywords: FutureFeature, Triaged Assignee: ppisar(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com, tcallawa(a)redhat.com Latest upstream release: 5.20170923 Current version/release in rawhide: 5.20170920-1.fc28 URL: http://search.cpan.org/dist/Module-CoreList/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/3080/ -- You are receiving this mail because: You are on the CC list for the bug.

1 11

[Bug 1470030] New: perl-Test-LeakTrace-0.16-1.fc27 FTBFS: Failed test ' UninitCondition' on ppc64
by bugzilla＠redhat.com 07 Mar '18

07 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1470030 Bug ID: 1470030 Summary: perl-Test-LeakTrace-0.16-1.fc27 FTBFS: Failed test 'UninitCondition' on ppc64 Product: Fedora Version: rawhide Component: perl-Test-LeakTrace Assignee: paul(a)city-fan.org Reporter: ppisar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org perl-Test-LeakTrace-0.16-1.fc27 fails to build on ppc64 because a test fails: xt/04_synopsis.t ...... ok # Using valgrind 3.13.0 located at /usr/bin/valgrind # Generating suppressions... # Suppressions for this perl stored in /builddir/.perl/Test-Valgrind/suppressions/1.19/memcheck-3.13.0-f8a949ca13829ef9427e49411b853411.supp # Using suppressions from /builddir/.perl/Test-Valgrind/suppressions/1.19/memcheck-3.13.0-f8a949ca13829ef9427e49411b853411.supp # Failed test 'UninitCondition' # at /usr/share/perl5/vendor_perl/Test/Valgrind/Session.pm line 598. # got: 2 # expected: 0 # # Conditional jump or move depends on uninitialised value(s) # __dcigettext (/usr/lib64/power8/libc-2.25.90.so) [?:?] # dcgettext (/usr/lib64/power8/libc-2.25.90.so) [?:?] # strerror_r (/usr/lib64/power8/libc-2.25.90.so) [?:?] # Perl_my_strerror (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_magic_get (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_mg_get (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_sv_setsv_flags (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_pp_sassign (/usr/lib64/libperl.so.5.26.0) [?:?] # leaktrace_runops (/builddir/build/BUILD/Test-LeakTrace-0.16/blib/arch/auto/Test/LeakTrace/LeakTrace.so) [LeakTrace.xs:184] # Perl_call_sv (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_call_list (/usr/lib64/libperl.so.5.26.0) [?:?] # perl_destruct (/usr/lib64/libperl.so.5.26.0) [?:?] # ? (/usr/bin/perl) [?:?] # generic_start_main.isra.0 (/usr/lib64/power8/libc-2.25.90.so) [?:?] # (below main) (/usr/lib64/power8/libc-2.25.90.so) [?:?] # Uninitialised value was created by a stack allocation # __dcigettext (/usr/lib64/power8/libc-2.25.90.so) [?:?] # # Conditional jump or move depends on uninitialised value(s) # __dcigettext (/usr/lib64/power8/libc-2.25.90.so) [?:?] # dcgettext (/usr/lib64/power8/libc-2.25.90.so) [?:?] # strerror_r (/usr/lib64/power8/libc-2.25.90.so) [?:?] # Perl_my_strerror (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_magic_get (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_mg_get (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_sv_setsv_flags (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_pp_sassign (/usr/lib64/libperl.so.5.26.0) [?:?] # leaktrace_runops (/builddir/build/BUILD/Test-LeakTrace-0.16/blib/arch/auto/Test/LeakTrace/LeakTrace.so) [LeakTrace.xs:184] # Perl_call_sv (/usr/lib64/libperl.so.5.26.0) [?:?] # Perl_call_list (/usr/lib64/libperl.so.5.26.0) [?:?] # perl_destruct (/usr/lib64/libperl.so.5.26.0) [?:?] # ? (/usr/bin/perl) [?:?] # generic_start_main.isra.0 (/usr/lib64/power8/libc-2.25.90.so) [?:?] # (below main) (/usr/lib64/power8/libc-2.25.90.so) [?:?] # Uninitialised value was created by a stack allocation # __dcigettext (/usr/lib64/power8/libc-2.25.90.so) [?:?] # Looks like your test exited with 1 just after 15. xt/05_valgrind.t ...... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/15 subtests Koschei reports first failure (on all platforms) with these build root changes: perl-Test-Simple 1:1.302085-2.fc27 > 1:1.302086-1.fc27 perl-Module-CoreList 1:5.20170531-3.fc27 > 1:5.20170621-1.fc27 glibc 2.25.90-6.fc27 > 2.25.90-12.fc27 valgrind 1:3.13.0-1.fc27 > 1:3.13.0-2.fc27 libcrypt-nss 2.25.90-6.fc27 > 2.25.90-12.fc27 perl-Encode 4:2.90-9.fc27 > 4:2.91-11.fc27 glibc-devel 2.25.90-6.fc27 > 2.25.90-12.fc27 glibc-all-langpacks 2.25.90-6.fc27 > 2.25.90-12.fc27 glibc-common 2.25.90-6.fc27 > 2.25.90-12.fc27 glibc-headers 2.25.90-6.fc27 > 2.25.90-12.fc27 libffi 3.1-10.fc26 > 3.1-11.fc27 nss-softokn-freebl 3.30.2-2.fc27 > 3.31.0-2.fc27 expat 2.2.0-2.fc26 > 2.2.1-1.fc27 kernel-headers 4.12.0-0.rc5.git2.1.... > 4.12.0-0.rc6.git3.1.... nss-util 3.30.2-3.fc27 > 3.31.0-2.fc27 libcurl 7.54.1-1.fc27 > 7.54.1-2.fc27 perl-HTTP-Message 6.11-5.fc27 > 6.13-1.fc27 curl 7.54.1-1.fc27 > 7.54.1-2.fc27 glib2 2.53.2-1.fc27 > 2.53.3-1.fc27 nspr 4.14.0-2.fc27 > 4.15.0-1.fc27 nss-softokn 3.30.2-2.fc27 > 3.31.0-2.fc27 And next build root change keeps ppc64 failing only: perl-devel 4:5.26.0-393.fc27 > 4:5.26.0-394.fc27 perl-libs 4:5.26.0-393.fc27 > 4:5.26.0-394.fc27 perl 4:5.26.0-393.fc27 > 4:5.26.0-394.fc27 perl-IO 1.38-393.fc27 > 1.38-394.fc27 libcrypt-nss 2.25.90-12.fc27 > 2.25.90-15.fc27 valgrind 1:3.13.0-2.fc27 > 1:3.13.0-3.fc27 glibc 2.25.90-12.fc27 > 2.25.90-15.fc27 perl-macros 4:5.26.0-393.fc27 > 4:5.26.0-394.fc27 glibc-devel 2.25.90-12.fc27 > 2.25.90-15.fc27 openssl-libs 1:1.1.0f-3.fc27 > 1:1.1.0f-4.fc27 perl-Errno 1.28-393.fc27 > 1.28-394.fc27 glibc-common 2.25.90-12.fc27 > 2.25.90-15.fc27 perl-Pod-Html 1.22.02-393.fc27 > 1.22.02-394.fc27 glibc-headers 2.25.90-12.fc27 > 2.25.90-15.fc27 glibc-all-langpacks 2.25.90-12.fc27 > 2.25.90-15.fc27 perl-Net-Ping 2.55-393.fc27 > 2.55-394.fc27 perl-IO-Zlib 1:1.10-393.fc27 > 1:1.10-394.fc27 rpm-build 4.13.0.1-23.fc27 > 4.13.0.1-24.fc27 perl-Locale-Maketext-Simple 1:0.21-393.fc27 > 1:0.21-394.fc27 rpm 4.13.0.1-23.fc27 > 4.13.0.1-24.fc27 rpm-libs 4.13.0.1-23.fc27 > 4.13.0.1-24.fc27 perl-Math-Complex 1.59-393.fc27 > 1.59-394.fc27 rpm-build-libs 4.13.0.1-23.fc27 > 4.13.0.1-24.fc27 rpm-plugin-selinux 4.13.0.1-23.fc27 > 4.13.0.1-24.fc27 This happens even with glibc-2.25.90-22.fc27. I suspect an undefined behavior (or missing a valgrind suppresion) in glibc's __dcigettext(). -- You are receiving this mail because: You are on the CC list for the bug.

1 12

[Bug 1438957] New: icons are missing on bugzilla's front page
by bugzilla＠redhat.com 06 Mar '18

06 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1438957 Bug ID: 1438957 Summary: icons are missing on bugzilla's front page Product: Fedora Version: 25 Component: bugzilla Assignee: itamar(a)ispbrasil.com.br Reporter: emmanuel(a)seyman.fr QA Contact: extras-qa(a)fedoraproject.org CC: adrian(a)lisas.de, bazanluis20(a)gmail.com, dwt(a)poltec.com, emmanuel(a)seyman.fr, extras-qa(a)fedoraproject.org, hughbragg(a)tpg.com.au, itamar(a)ispbrasil.com.br, perl-devel(a)lists.fedoraproject.org Depends On: 1403588 --- Additional comment from Dennis W. Tokarski on 2016-12-21 18:32:34 EST --- And by the way, once you get the home page to render, the large icons for bug/search/usr/docs are missing. The client is trying to fetch e.g /skins/standard/index/search.png and getting a 404. It should be trying for /bugzilla/skins.... Temporary fix is to edit bugzilla.conf again and at the top add Alias /skins /usr/share/bugzilla/skins Looks like a bug in the cgi script for the home page. Sorry for not filing this separately, emmanuel, but since you're on this anyway... Hope this helps. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1403588 [Bug 1403588] /usr/share/bugzilla/assets/.htaccess: Require not allowed here -- You are receiving this mail because: You are on the CC list for the bug.

1 10

[Bug 1479864] New: Upgrade perl-Net-SSL-Perl to 2.12
by bugzilla＠redhat.com 06 Mar '18

06 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1479864 Bug ID: 1479864 Summary: Upgrade perl-Net-SSL-Perl to 2.12 Product: Fedora Version: rawhide Component: perl-Net-SSH-Perl Keywords: FutureFeature Assignee: paul(a)city-fan.org Reporter: jplesnik(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org Blocks: 1479860 Latest Fedora delivers 1.42 version. Upstream released 2.12. When you have free time, please upgrade it. The latest version is required for Net-SFTP-0.12. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1479860 [Bug 1479860] perl-Net-SFTP-0.12 is available -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1347302] New: Please build perl-Crypt-SMIME for EPEL 7
by Red Hat Bugzilla 01 Mar '18

01 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1347302 Bug ID: 1347302 Summary: Please build perl-Crypt-SMIME for EPEL 7 Product: Fedora EPEL Version: epel7 Component: perl-Crypt-SMIME Assignee: steve.traylen(a)cern.ch Reporter: xavier(a)bachelot.org QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, steve.traylen(a)cern.ch Hi, I would need perl-Crypt-SMIME in EPEL 7 for another package. Could you please branch and build ? I can (co-)maintain the branch if you wish. Regards, Xavier -- You are receiving this mail because: You are on the CC list for the bug.

2 10

[Bug 1331520] New: Please update perl-Crypt-SMIME to at least 0.15 in EPEL 6
by Red Hat Bugzilla 01 Mar '18

01 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1331520 Bug ID: 1331520 Summary: Please update perl-Crypt-SMIME to at least 0.15 in EPEL 6 Product: Fedora EPEL Version: el6 Component: perl-Crypt-SMIME Assignee: steve.traylen(a)cern.ch Reporter: xavier(a)bachelot.org QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, steve.traylen(a)cern.ch Hi, I'd like perl-Crypt-SMIME to be updated to at least version 0.15 in EPEL 6 in order to build another package. Thanks and regards, Xavier -- You are receiving this mail because: You are on the CC list for the bug.

2 14

[Bug 1459433] New: Unescaped % character in changelog
by bugzilla＠redhat.com 27 Feb '18

27 Feb '18

https://bugzilla.redhat.com/show_bug.cgi?id=1459433 Bug ID: 1459433 Summary: Unescaped % character in changelog Product: Fedora Version: rawhide Component: perl-Plack Severity: low Assignee: rc040203(a)freenet.de Reporter: ppisar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de perl-Plack-1.0044-2.fc27 has this entry in its %changelog section: * Fri Jan 29 2016 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 1.0034-4 - Modernize spec. - Remove ref to %%{perl_vendorlib}/Plack/Server/Apache1.pm. - Exclude stray %{_mandir}/man3/Plack::Handler::Apache1.3pm* manpage. The last line should escape the per-cent character by another per-cent character. -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1479860] New: perl-Net-SFTP-0.12 is available
by bugzilla＠redhat.com 27 Feb '18

27 Feb '18

https://bugzilla.redhat.com/show_bug.cgi?id=1479860 Bug ID: 1479860 Summary: perl-Net-SFTP-0.12 is available Product: Fedora Version: rawhide Component: perl-Net-SFTP Keywords: FutureFeature, Triaged Assignee: jplesnik(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, perl-devel(a)lists.fedoraproject.org, steve(a)silug.org Latest upstream release: 0.12 Current version/release in rawhide: 0.10-26.fc27 URL: http://search.cpan.org/dist/Net-SFTP/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/14243/ -- You are receiving this mail because: You are on the CC list for the bug.

1 3

← Newer
1
...
5
6
7
8
9
10
11
...
33
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel October 2017